CORE Impact Pro Exploits and Security Updates

When you buy CORE Impact Pro, we provide real-time updates including new penetration testing exploits and tests for additional platforms as they become available. We advise you of any new modules by email, after which you can download them directly from within CORE Impact Pro. All product updates are free during the license period. You're always on the cutting edge of vulnerability and threat intelligence because CORE Impact Pro keeps you there.

| Released Date | Title | Description | Vulnerability | Category | Platform |
| --- | --- | --- | --- | --- | --- |
| 06.07.2012 | IBM Tivoli Provisioning Manager Express for Software ActiveX Buffer Overflow Exploit Update 2 | A flaw exists within the way the IBM Tivoli Provisioning Manager Express for Software ActiveX Control parses data supplied to the RunAndUploadFile function. The ActiveX control is used to create an Asset Information file for the local system to be uploaded to the IBM Tivoli Provisioning Manager Express Server. This update corrects the CVE number, adds support for Internet Explorer 8 and disables DEP. This update improves the exploit. | CVE-2012-0198 | Exploits/Client Side | Windows |
| 06.06.2012 | AT TFTP Server Long Filename Buffer Overflow Exploit Update 2 | The vulnerability is caused by a boundary error during the processing of TFTP Read/Write request packet types. This can be exploited to cause a stack-based buffer overflow by sending a specially crafted packet with an overly long filename field. This update ensures that the program receives all data. This update fixes an error on Impact v12.3. | CVE-2006-6184 | Exploits/Remote | Windows |
| 06.06.2012 | Adobe Photoshop Collada Asset Elements Buffer Overflow Exploit | Adobe Photoshop CS5.1 is prone to a Unicode overflow which occurs when overlong asset elements are processed. | CVE-2012-2052 | Exploits/Client Side | Windows |
| 06.06.2012 | IBM Tivoli Provisioning Manager Express for Software ActiveX Buffer Overflow Exploit Update | A flaw exists within the way the IBM Tivoli Provisioning Manager Express for Software ActiveX Control parses data supplied to the RunAndUploadFile function. The ActiveX control is used to create an Asset Information file for the local system to be uploaded to the IBM Tivoli Provisioning Manager Express Server. This update corrects the CVE number, adds support for Internet Explorer 8 and disables DEP. | CVE-2012-0198 | Exploits/Client Side | Windows |
| 06.06.2012 | MSRPC DCOM Exploit Update 2 | This update adds MS03-026 in XML. | CVE-2003-0352 | Exploits/Remote | Windows |
| 06.05.2012 | Samba Username Map Script Command Injection Exploit Update | The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands via shell metacharacters involving the SamrChangePassword function, when the "username map script" smb.conf option is enabled. This update adds Solaris support. | CVE-2007-2447 | Exploits/Remote | Solaris, Linux |
| 06.04.2012 | OpenSSH unexpected PAM authentication exploit Update | This module exploits an error in the PAM authentication code and installs an agent into the target host. This update improves the reliability of the exploit. | CVE-2003-0786 | Exploits/Remote | Solaris, Linux |
| 05.31.2012 | HP Data Protector EXEC_CMD Exploit | This module exploits a buffer overflow vulnerability in HP Data Protector by sending a specially crafted EXEC_CMD request. | CVE-2011-1866 | Exploits/Remote | Windows |
| 05.31.2012 | Novell ZENworks Configuration Management Preboot Service Opcode 0x21 Buffer Overflow Exploit | This module exploits a remote stack-based buffer overflow vulnerability in the Preboot Service component of Novell ZENworks Configuration Management, by sending a specially crafted packet to port 998/TCP. | NOCVE-9999-43820 | Exploits/Remote | Windows |
| 05.31.2012 | HP Easy Printer Care XMLCacheMgr Class ActiveX Control Code Execution Exploit | This module allows remote attackers to place arbitrary files on a user's file system by abusing the "CacheDocumentXMLWithId" method from the "XMLCacheMgr" class in the HP Easy Printer HPTicketMgr.dll ActiveX Control (HPTicketMgr.dll 2.7.2.0). Code execution can be achieved by first uploading the payload to the remote machine embedding a vbs file, and then uploading another mof file, which enables the Windows Management Instrumentation service to execute the vbs. | CVE-2011-4786 | Exploits/Client Side | Windows |
| 05.30.2012 | Microsoft Windows Win32k Keyboard Layout Vulnerability Exploit (MS12-034) Update 6 | This update adds support for Microsoft Windows 2003 64 bits edition (DoS), Microsoft Windows Vista 64 bits edition (DoS), Microsoft Windows 2008 64 bits edition (DoS) and Microsoft Windows Seven 64 bits edition (DoS). This module exploits a Windows kernel vulnerability by loading a fake keyboard layout through a call to the "NtUserLoadKeyboardLayoutEx" function with crafted parameters. When the keyboard layout is processed by win32k.sys, it produces a kernel heap memory corruption. | CVE-2012-0181 | Exploits/Local | Windows |
| 05.28.2012 | CyberLink Power2Go P2G Name Attribute Buffer Overflow Exploit | A stack-based buffer overflow in CyberLink Power2Go allows an attacker to execute arbitrary code via an overly long name attribute in a .P2G file. | NOCVE-9999-52040 | Exploits/Client Side | Windows |
| 05.23.2012 | Microsoft Windows Win32k Keyboard Layout Vulnerability Exploit (MS12-034) Update 4 | This update adds support for Microsoft Windows Vista and Microsoft Windows 7 (only DoS). This module exploits a Windows kernel vulnerability by loading a fake keyboard layout through a call to the "NtUserLoadKeyboardLayoutEx" function with crafted parameters. When the keyboard layout is processed by win32k.sys, it produces a kernel heap memory corruption. | CVE-2012-0181 | Exploits/Local | Windows |
| 05.23.2012 | NET-i Viewer CNC Ctrl dll ActiveX BackupToAvi() Buffer Overflow Exploit | The vulnerability is caused by a boundary error in the CNC_Ctrl.dll ActiveX control when handling the BackupToAvi() method. | NOCVE-9999-52068 | Exploits/Client Side | Windows |
| 05.23.2012 | LANDesk Lenovo ThinkManagement Console Remote Command Execution Exploit | This module exploits a file upload vulnerability in the LANDesk Lenovo ThinkManagement Console. Unrestricted file upload in andesk/managementsuite/core/core.anonymous/ServerSetup.asmx in the ServerSetup web service in Lenovo ThinkManagement Console allows remote attackers to execute arbitrary code by uploading a file with an executable extension via a PutUpdateFileCore command in a RunAMTCommand SOAP request. | CVE-2012-1195 | Exploits/Remote | Windows |
| 05.22.2012 | McAfee Virtual Technician MVTControl ActiveX Exploit | This module exploits a vulnerability in McAfee Virtual Technician MVTControl, which can be abused by using the GetObject() function to load unsafe classes, therefore allowing remote code execution under the context of the user. | NOCVE-9999-52287 | Exploits/Client Side | Windows |
| 05.22.2012 | HP Easy Printer Care XMLSimpleAccessor Class ActiveX Control Code Execution Exploit | This module allows remote attackers to place arbitrary files on a user's file system by abusing the "saveXML" method from the "XMLSimpleAccessor" class in the HP Easy Printer HPTicketMgr.dll ActiveX Control (HPTicketMgr.dll 2.7.2.0). Code execution can be achieved by first uploading the payload to the remote machine embedding a vbs file, and then uploading another mof file, which enables the Windows Management Instrumentation service to execute the vbs. | CVE-2011-2404 | Exploits/Client Side | Windows |
| 05.22.2012 | ispVM System XCF File Processing Buffer Overflow Exploit | A buffer overflow vulnerability in ispVM when processing crafted .XCF files can be exploited via an overly long version value within the ispXCF tag. | NOCVE-9999-52428 | Exploits/Client Side | Windows |
| 05.22.2012 | 3D Life Player WebPlayer ActiveX Buffer Overflow Exploit | A boundary error exists in the WebPlayer ActiveX control when processing the "SRC" property with an overly long string. | NOCVE-9999-52362 | Exploits/Client Side | Windows |
| 05.22.2012 | PAC-Designer File Processing Buffer Overflow Exploit | The vulnerability is caused by a boundary error when processing the `<SymbolicSchematicData>` tags within .PAC files. This can be exploited to cause a stack-based buffer overflow via an overly long string. | CVE-2012-2915 | Exploits/Client Side | Windows |
| 05.22.2012 | Oracle Outside In sccfut dll Buffer Overflow Exploit | The flaw exists within the sccfut.dll component which is used by multiple vendors. The process copies the target of a crafted tag to a local stack buffer. | CVE-2012-0110 | Exploits/Client Side | Windows |
| 05.17.2012 | SAP Netweaver DiagTraceR3Info Remote Buffer Overflow Exploit | The DiagTraceR3Info function of the disp+work.exe component of SAP Netweaver is prone to a remote buffer overflow when the work process trace level is set to values 2 or 3 for the Dialog Processor component. This vulnerability can be exploited to execute arbitrary code on the vulnerable machine by sending a specially crafted packet containing ST_R3INFO CODEPAGE items. | CVE-2012-2611 | Exploits/Remote | Windows |
| 05.16.2012 | CA Total Defense UNCWS Web Service deleteReportFilter Remote Code Execution Exploit | The UNCWS Web Service component of CA Total Defense listens for SOAP requests. The deleteReportFilter method makes use of the uncsp_DeleteFilter stored procedure, which is vulnerable to SQL Injection. | CVE-2011-1653 | Exploits/Remote | Windows |
| 05.16.2012 | Citrix Gateway ActiveX Nsepa Buffer Overflow Exploit | This module exploits a buffer overflow vulnerability in the NSEPA.NsepaCtrl.1 ActiveX control in Nsepa.ocx in Citrix Access Gateway Enterprise Edition. When the control processes crafted HTTP header data, a stack-based buffer overflow occurs, allowing execution of arbitrary code. | CVE-2011-2882 | Exploits/Client Side | Windows |
| 05.16.2012 | IBM Rational ClearQuest RegisterSchemaRepoFromFileByDbSet ActiveX Control Buffer Overflow Exploit | IBM Rational ClearQuest ActiveX control Cqole.dll is vulnerable to a buffer overflow, caused by a function prototype mismatch in the RegisterSchemaRepoFromFileByDbSet() function. | CVE-2012-0708 | Exploits/Client Side | Windows |
| 05.16.2012 | CA Total Defense UNCWS Web Service DeleteReports Remote Code Execution Exploit | The UNCWS Web Service component of CA Total Defense listens for SOAP requests. The DeleteReports method makes use of the uncsp_DeleteReports stored procedure, which is vulnerable to SQL Injection. A remote unauthenticated attacker can exploit this to execute arbitrary code on a vulnerable machine with SYSTEM privileges. | CVE-2011-1653 | Exploits/Remote | Windows |
| 05.15.2012 | Dell Webcam CrazyTalk4Native.dll ActiveX Buffer Overflow Exploit | The CrazyTalk4Native.dll bundled with Dell Webcam Central is prone to a buffer overflow which is exploited by this module. | NOCVE-9999-51753 | Exploits/Client Side | Windows |
| 05.15.2012 | ASUS Net4Switch ipswcom ActiveX Buffer Overflow Exploit | ASUS Net4Switch is prone to an overflow condition related to the ActiveX component ipswcom.dll. The CxDbgPrint() function (cxcmrt.dll) fails to properly sanitize user-supplied input, resulting in a buffer overflow. With a specially crafted message string passed to the Alert() method, a remote attacker can potentially execute arbitrary code. | NOCVE-9999-51474 | Exploits/Client Side | Windows |
| 05.15.2012 | Microsoft Windows OLE Property Code Execution Exploit (MS11-093) | Microsoft Windows does not properly handle OLE objects in memory, which allows remote attackers to execute arbitrary code via a crafted object within a file. | CVE-2011-3400 | Exploits/Client Side | Windows |
| 05.15.2012 | VLC MMS Stream Handling Buffer Overflow Exploit | A stack-based buffer overflow in VideoLAN VLC media player allows remote attackers to execute arbitrary code via a crafted MMS:// stream. | CVE-2012-1775 | Exploits/Client Side | Windows |